Posts

Apps for Stalkers Disguised as Parental Control Tools

Sell something called “SuperParent” or even the actual FlexiSpy — and all is swell. Frankly, I’m not opposed to monitoring a child’s phone; kids shouldn’t have phones anyway.

But sell something called “iStalk” or “StalkU,” well … this won’t quite go over well with the authorities or the general community.

It’s all in a name (pardon the cliché).

Apps that track users contain spyware. A wannabe stalker can secretly install such an app on their intended victim’s phone via any of the following:

  • Manual access to the phone
  • Link to a Twitter share
  • Share for LinkedIn or WhatsApp
  • Text a link posing as a security update

Sending a “malicious” link works when it’s clicked. However, the stalker will usually need to have access to the victim’s phone to install the tracking software. With the way people leave their phones lying around, this is fairly easy to do to users who don’t have a password set up for their device or who share their password with their “stalker”.

What can some “stalking apps” track?

  • Call logs
  • Contents of text and chat messages
  • Location of phone (and hence, victim if the phone is with them)
  • Listening in to ambient sounds picked up by the phone’s microphone
  • Listening in to phone calls
  • Access to voicemail

According to a 2014 study by the National Network to End Domestic Violence, 54% of domestic abusers use tracking software, the icon of which can be hidden from the victim.
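For readers who can pull an app inventory from an Android phone, here is an added example (not from the original post) that turns the list above into a review check: it flags non-system apps whose granted permissions span several of the tracked data categories. The permission mapping, the threshold and the sample text, which is shaped like trimmed `adb shell dumpsys package` output, are assumptions constructed for this example.

```python
import re

# Data categories from the list above mapped to Android permissions that gate
# them. This mapping is the example's assumption, not part of the article.
CATEGORY_PERMS = {
    "call logs": {"android.permission.READ_CALL_LOG"},
    "text messages": {"android.permission.READ_SMS",
                      "android.permission.RECEIVE_SMS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION",
                 "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "voicemail": {"com.android.voicemail.permission.READ_VOICEMAIL"},
}
REVIEW_THRESHOLD = 3  # assumed cut-off: one sign alone is normal, several together are not

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[([^\]]*)\]")
PERM_RE = re.compile(r"^\s*([A-Za-z0-9_.]+): granted=(true|false)")


def parse_inventory(text):
    """Return {package: {"system": bool, "granted": set of permission names}}."""
    apps, current = {}, None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = apps.setdefault(m.group(1), {"system": False, "granted": set()})
            continue
        if current is None:
            continue  # ignore anything before the first package header
        m = FLAGS_RE.match(line)
        if m:
            current["system"] = current["system"] or "SYSTEM" in m.group(1).split()
            continue
        m = PERM_RE.match(line)
        if m and m.group(2) == "true":  # requested-but-denied permissions do not count
            current["granted"].add(m.group(1))
    return apps


def categories_for(granted):
    """Tracked-data categories an app can reach with its granted permissions."""
    return sorted(c for c, perms in CATEGORY_PERMS.items() if perms & granted)


def review_list(text, threshold=REVIEW_THRESHOLD):
    """Non-system apps covering at least `threshold` categories, broadest first."""
    findings = []
    for pkg, info in parse_inventory(text).items():
        cats = categories_for(info["granted"])
        # Preinstalled system apps (dialer, messaging) are skipped to cut noise.
        if not info["system"] and len(cats) >= threshold:
            findings.append((pkg, cats))
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))


# Constructed sample; package names and hashes are placeholders.
SAMPLE = """\
Package [com.example.dialer] (1a2b3c):
    flags=[ SYSTEM HAS_CODE ]
    runtime permissions:
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true
      com.android.voicemail.permission.READ_VOICEMAIL: granted=true
      android.permission.READ_SMS: granted=true
Package [com.example.weather] (4d5e6f):
    flags=[ HAS_CODE ]
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.RECORD_AUDIO: granted=false
Package [com.example.syncservice] (7a8b9c):
    flags=[ HAS_CODE ]
    runtime permissions:
      android.permission.READ_CALL_LOG: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.CAMERA: granted=false
"""

if __name__ == "__main__":
    for pkg, cats in review_list(SAMPLE):
        print(f"review {pkg}: {', '.join(cats)}")
```

A flagged app is a candidate for a closer look, not a verdict; the point is the combination of access, since each permission on its own is common in legitimate apps.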

Though availability of tracking apps has become more limited over time, due to the revelations of how these have been abused, they are still available, such as mSpy, which can be easily downloaded to Android devices.

Downloading stalkware to iPhones is more challenging, but far from impossible. In fact, one technique doesn’t even require physical access to the target’s phone. And even then…this can be breached by a techy stalker.

How do app makers cover their butts?

They include language with their apps, such as citing that consent of the target is required before installation, or that the app company will cooperate with law enforcement should a complaint be reported.

Stalkware isn’t going away anytime soon. Thus, the emphasis needs to be on prevention.

How to Prevent Remote Stalking

  • Heavens, please don’t let your new boyfriend/girlfriend talk you out of having a password with some kind of nonsense like, “If you trusted me you wouldn’t need a password.”
  • Never share passwords.
  • Tell him or her – on the first date – that your phone is off-limits to them. If they give you flak, it’s over. Only a control freak would mind this.
  • If they keep cool, this could be an act to gain your trust. Never leave your phone alone with that special someone.
  • Keep your phone turned off unless you’re using it.
  • Disable the GPS feature.
  • Never leave your phone unsupervised in the presence of other people, even your new boyfriend’s great-grandmother.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Does Your Mobile Have Spyware on It?

You have a mobile phone, and you might think it’s pretty safe, but what you might not realize is that these devices can have spyware on them. Keep in mind that many of the “signs” listed below are everyday, normal phone behaviors. Combined, though, they might mean spyware. Here are some of the signs:

Unusual Background Noise

While common, humming, static, or other weird noises could be a sign that someone is tapping your line. Though all phones might have strange noises from time to time, you should check if there are other signs if you notice them. This is especially the case if you hear them when your phone is not in use.

Short Battery Life

Also common, another sign of a hacked phone is a short battery life. If you notice that your battery is suddenly losing power, it’s possible that there is malicious software running in the background. But don’t panic… yet.

Try Shutting it Down

If something seems weird with your mobile phone, try shutting it down. Watch how it reacts when you shut it down. Phones that have been hacked often won’t shut down correctly or never shut down, even though you tell them to. Still, this is a common issue with mobiles.

Look for Suspicious Activity

If you notice something suspicious, like your phone turning on or off by itself or apps getting installed or deleted, someone might have hacked it. Other suspicious signs that someone has hacked your phone include strange text messages that contain random letters or numbers. You might see pop-up ads or other issues, too.

Check for any Electronic Interferences

Though it might not be uncommon to get interference from other electronics, such as a computer, another phone, or even a television, it shouldn’t happen if you are not on a call. If it does, it could be a sign of something malicious, for instance, someone listening in on your phone calls.

Look at Your Phone Bill

If your phone bill shows more text or data usage than you typically use, it might be a sign that your mobile phone is hacked. Things like spyware can cause your data to rise, and this could definitely cause your bill to rise. However, keep in mind, if you just downloaded a new app, this could be the cause of your data usage. Also, make sure that no one in your home is using the data, such as your kids, who are notorious for this.

Use Caution when Downloading New Apps

Finally, when you download a new app, make sure it is safe. Most apps from the App Store or Google Play are safe, but occasionally, a malicious app will sneak in. If an app asks for access to your contact list, call history, or address book, use caution.

If you ever suspect spyware, back up your apps, reset the device to factory settings, then reinstall everything. Keep in mind that unless an iPhone is “jailbroken,” spyware is unlikely. But with Androids, spyware is serious. Install antivirus on Androids.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Oh No, iOS Hacked by NSO

Recently, says a report at wired.com, it’s been unveiled that the obscure Israel-based NSO Group has been selling spyware delivered to smartphones through vulnerabilities in Apple’s iOS operating system.

“Pegasus” spyware can put surveillance on nearly everything, including keystrokes, e-mails, video feeds and phone calls. Apple says that the three vulnerabilities used by this spyware (“Trident”) have been patched.

In short, NSO Group’s spyware has been reverse engineered for the first time—achieved by the security research firm Lookout, which discovered Pegasus. Also getting credit for the discovery is Citizen Lab.

  • Ahmed Mansoor, a well-known human rights activist with a history of being targeted by surveillance spyware, sent the security firms the suspicious SMS text messages he had received.
  • Mansoor’s mobile device was running iOS’s latest version when two phishing texts came in with links. He had refused to click them.
  • Instead he sent screenshots to Citizen Lab. The links led to a blank Safari browser page. The analysis then began.
  • The spyware was intended to jailbreak the phone.

Jailbreaking an iPhone means the user can bypass Apple’s plan and customize the experience. However, in the Pegasus case, remote hackers wanted this control.

Citizen Lab and Lookout took their analysis to Apple, who made the patches within 10 days. The recommendation is to regularly download the latest iOS versions to help protect the device from attacks. The latest iOS version will stop Pegasus. However, it’s possible for NSO to infiltrate other phone operating systems like Android with the spyware, say Citizen Lab and Lookout.

NSO Group has no website, and supposedly, earns $75 million a year, with governments as the typical clients, and may have up to 500 employees. It won’t be any surprise if a new and similar threat follows soon, as the NSO Group is quite advanced, with a solid software development organization.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Should Stalking or Spying Apps be banned?

The words “spying” and “stalking” have negative connotations, but there’s a flipside to the coin: parents monitoring their kids’ online activities and physical locations. And how about middle-aged adults keeping track of the whereabouts of their aged parents with dementia?

If you fear that apps for “spying” might get banned, here’s bad news: U.S. Senator Al Franken is pushing for this.

However, Franken’s proposed law will actually permit these constructive uses. His plan is to require companies to get permission from users before collecting location data or conducting any sharing of it. But suppose a real stalker poses as a concerned parent; how would the company know?

And when spying and stalking apps are used malevolently, should their makers bear responsibility? Is this like saying that the company that makes steak knives is responsible for the man who used one to stab his ex-friend?

However, maybe that all depends on whom the stalking and spying app company targets for customers. A now defunct maker of stalking apps targeted people who wanted to stalk their spouses, and its CEO was indicted last year and fined half a mil.

Another such maker markets its product for good uses like keeping tabs on kids: a smarter move. Its site even calls the software “monitoring” rather than “stalking” or “spying.”

With that all said, it’s illegal to spy on someone with these apps without their permission. The line is very blurry, because it’s not illegal for a manager at the workplace to follow a subordinate and watch his every move, including what he’s doing on his computer during work hours.

Banning these kinds of apps will not go over well with the many parents who see them as a godsend for keeping a watchful eye on their kids, not to mention the many middle-agers who, without these apps, would fear that their elderly parents with dementia might wander off and get lost or in harm’s way.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What is a Virus?

Have you ever had the chicken pox? This common childhood illness has another name—the varicella zoster virus. Like all viruses, varicella replicates itself, spreading through the body, and eventually appearing as itchy red blisters all over the body. But the virus doesn’t stop there; it can spread to other people through physical contact and through the air when an infected person coughs or sneezes. It’s not a very fun illness to have.

Viruses don’t just affect humans; there are viruses that can affect your tech devices. A tech virus is a malicious program file that can also replicate itself and infect other devices through techniques like malicious links and sketchy downloads. But unlike the chicken pox where the virus eventually appears on your skin, a virus could be wreaking havoc on your device and you might not even know it!

Computer and mobile viruses can take many different forms, but all are usually intended to do harm to your device, steal your personal info or money, or both. Some examples of viruses include a Trojan Horse, which masquerades as something neutral or benevolent, but is programmed to infect the hard drive or even crash it. Spyware is a virus that observes your activities like logging into your bank account, collects this data (e.g., password, answer to secret question, username) and sends it to the hacker. And a worm, like other viruses, can corrupt files, steal sensitive information, or modify system settings to make your machine more vulnerable, but it’s different in that it can replicate and send copies of itself to other computers in a network without any human interaction.

There are several clues that could mean that your device has a virus. For example, if you notice your device is suddenly running at a snail’s pace. Another example is programs or apps opening and closing on their own. Or a major sign would be if you receive an email from a friend responding to a mass email you supposedly sent promoting some great deal on a pharmaceutical (that you never actually sent).

Just like there are things you can do to prevent the chicken pox, like wash your hands and stay away from infected people, there are ways to prevent a virus from getting on your device.

  • Be wary. Don’t open attachments from people you don’t know.
  • Think before you click. Don’t click blindly. Check the link URL to make sure you are being directed to a legitimate site.
  • Keep your OS and browser updated. Make sure that you install the latest updates for your operating system and browser as well as any hardware updates that are available for your device as these often close up security holes.
  • Install security software. Use comprehensive security software that protects all your devices, like McAfee LiveSafe™.

Here’s to keeping all your devices nice and healthy!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is a Potentially Unwanted Program (PUP)?

Whether you’re an animal person or not, you have to admit that puppies are pretty darn cute. So cute that there are YouTube Channels, Facebook accounts, and Buzzfeed newsletters devoted to the subject. Unfortunately, there’s a not so cute PUP out in the world, and it wants access to your device. What I’m talking about is a potentially unwanted program (PUP). What is an unwanted program? It’s software or an app that you don’t explicitly want on your device. PUPs usually are bundled with freeware and often install without your permission.

Note: PUPs are not malware. The main difference is that you give consent to download the PUP, even though you might not know about it if you don’t read the agreements or installation process thoroughly.

So if PUPs aren’t malware, why are they bad? Some PUPs contain spyware including keyloggers, dialers, and other software to gather your information, which could lead to identity theft. Others may display annoying advertisements on your device. Even if the PUP doesn’t have any malicious content, too many PUPs can slow down your device by taking up space on it, and they can weaken your device’s security, making you vulnerable to malware.

Companies or hackers use several techniques to get you to download PUPs. One technique is offering multiple installation options. Although the standard or default options may be highly recommended by the company or hacker, it is usually the custom or advanced option that is PUP-free. Another trick is automatically including PUPs in the installation. You have to uncheck the boxes to opt-out of the PUP. Sometimes they will gray the opt-out option so it looks like you can’t get out of downloading a PUP. Other companies will sneak clauses about PUPs into the end user license agreement. This means when you click to agree with their user terms, you also agree to download PUPs.

Here are some tips on how to make sure you don’t get a PUP.

  • Be picky. Hesitate before downloading any freeware. Do you really need that Guardian of the Galaxy wallpaper for your laptop? Be vigilant and only download from trusted sites.
  • Customize. When downloading a program, it may be tempting to use the standard or default installation, but this version usually includes downloading programs you don’t need. Choose the custom installation.
  • Opt out. Instead of asking you to opt in to PUPs, companies will automatically include the PUPs in the installation; it’s up to you to say no. For example, a freeware program might recommend that you install a free browser add-on, and below this statement will be a checked box indicating that you want to install the add-on. If you don’t uncheck the box, you can potentially download a PUP you may know very little about.
  • Read the fine print. Read the End User License Agreement before you accept it. There may be a clause about PUPs.
  • Have comprehensive security software. Install security software that works for all of your devices, like McAfee LiveSafe™ service. McAfee LiveSafe can detect PUPs and remove them from your device.

Remember it’s much more fun to snuggle with furry pups rather than the computer code kind.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

This is what Spy Software looks like

If you’ve ever watched virtually any spy flick or James Bond movie you’re familiar with “bugs” – those little dime-sized metallic things that the bad guys would secretly stick under someone’s desk to record any conversation in the room—picked up by a receiver in their car. Or, the phone was “tapped” – the device was inside the receiver.

How primitive! Because these days, all of your computer, mobile, tablet and online activities can be “bugged” – without someone ever coming into your home or office—remote spying—done with spyware. They know what you’re posting to Facebook, what videos you’re watching, what secrets you’re telling or hiding—anything and everything. They may even be watching YOU as you type or recording your keystrokes.

Spyware companies sell the technology and it’s legal to purchase. Spyware ranges from $40 to $200 a month. Based on their sales, it’s feasible that millions of Internet users are being spied on.

Selling spyware is perfectly legal, as mentioned, even though this can get into the wrong hands. But it’s akin to the legal sales and use of knives. In the wrong hands, even a butter knife could be a dangerous weapon.

Though some spyware devices must be installed physically on the target’s device (e.g., wife installing on her husband’s device, employer installing on employee device, parent on child’s device), some devices can be installed remotely.

This isn’t as techy as you think. The spyware companies want to make money, so they’ve made it easy to install and use their products. Parents wanting to know what’s going on with their teenagers are drawn to this technology. So are psycho-stalkers.

Spyware is a big hit with people wanting to find out if their spouse or significant other is cheating on them, and many even focus on this in their ads. Another demographic that’s drawn to spyware are employers who want to see what their employees are up to.

But let’s not forget that a thief could spy on someone to get their credit card number, passwords and other crucial information and then use it to drain their bank accounts, max out their credit card or open a new credit card under their name and go wild with it.

Spyware can also be used to eavesdrop on phone calls after the snooper (or stalker) puts the app in the phone. There are cases in which abusive men did just this to their partner’s phone after the partner fled from them, then tracked them down and committed violence against them. So should spyware be banned? Well, it goes back to the butter knife analogy.

Spyware gets away with legality because of its strong legitimacy in terms of parents keeping an eye on their kids, and employers monitoring employees whom they think are goofing off on the job. However, an employer can take it further and “follow” where the employee goes on lunch break or to see if they went to that big basketball game when they called in sick.

That’s pushing it, but it can go even further: The spyware customer could intercept phone calls, text messages and anything else the unsuspecting target does on their smartphone. However, even though spyware came out in the mid ‘90s, there have been only three prosecutions. If it’s ever outlawed, parents will go berserk.

How many times have you read about something horrible that a teenager did, that was somehow connected to their online activities, and you thought, “Where were the parents when all this was going on? Weren’t they monitoring their kid’s online activities? Didn’t the parents care what their child was doing online?” Etc., etc.?

If these parents had had one of these spyware programs, maybe they would have nipped their kids’ problems in the bud and prevented tragedy. But don’t let these cases fool you: Parents make up a large percentage of spyware customers.

Critics of spyware won’t back down, including legislators, and maybe that’s why some companies are requiring customers to identify themselves as parents or employers in order to use their applications. This sounds more like defensive TOS, since anyone can claim they’re a parent or workplace supervisor without having to prove it. What’s a company really going to do…send out a private investigator to see if the new user really DOES have a teenager?

Now that you know more about spyware, how can you prevent someone from bugging your phone or computer? Keep your devices locked. Never leave your phone where someone can get to it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Hotel PCs serve up Infections

You can legally purchase spyware and install it on your computer, but it’s against the law to do so on someone else’s device. Spyware records e-mails, chats, browser history, passwords, usernames, etc.

You’d buy it for your computer if you wanted to know what your tween was up to on it or how much your employees are goofing off.

This same kind of software can infect your computer after you click on a link in a strange e-mail or visit a malicious website that downloads a virus. Spyware can also be in the form of a flash drive-like tool that a snoop or crook could connect to someone’s PC and obtain private information.

Not surprisingly, this technology has made it possible to infect PCs at hotels. In Dallas recently, computers were infected at several major hotels. The crooks used hotel computers to access Gmail accounts, then downloaded and installed the flash drive-like tool to track keystrokes of unsuspecting innocent guest users as they typed in passwords and usernames to access their bank and other online services.

This is why you should use a public computer only for website browsing for the latest news or entertainment. Even if the PC is within visual range of hotel staff, a crook could still easily connect a keylogger. This is just too easy to do once the criminal sits down at a computer.

If you absolutely must print something out from your e-mail account, at least use a throwaway e-mail address like 10minutemail.com or yopmail.com. Use your smartphone to forward e-mails to the throwaway address. Next, access the temporary address from the hotel PC.

Lock down BIOS settings, then secure them with a solid password. This way, people can’t boot up a computer with a flash drive or CD. But not all operating systems support these protective measures. Your best bet, again, is to use hotel PCs only for entertainment or checking on the weather.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Best Way to Destroy a Computer Virus

Computer viruses are here to stay, which means users need to know the best way to eradicate them the moment they attack. Like disease viruses, computer viruses evolve and get “smarter.” The many different kinds of computer viruses (such as worms, Trojans, spyware) are called malware: malicious software.

In general, security software comes with instructions for getting rid of or containing malware.

For Windows users, Microsoft provides tools that get rid of malware. Between your operating system and antivirus software, you will have the basic tools for fighting off most viruses.

Tips for Protecting Your Computer

  • Every day, run a quick scan of all of your devices. But in addition, run a weekly deep scan. Either type of scan can be manually set up or set on an automatic timer (which is actually a lot better since you won’t have to remember to do it).
  • Your e-mail program should be set to alert you before you download any graphics or executable files. If you can, set your e-mail to display only text, and to alert you before loading any graphics or links.
  • If you don’t recognize an e-mail sender, and the message includes a link, never click on the link. If the link has you curious, then visit the associated website outside the e-mail, or manually type the link’s web address into your browser. In fact, don’t even click on links in e-mails that are supposedly from a familiar sender. Fraudsters can make it look as though the sender is someone you know. Never mind how they do this; it happens.

You can outwit cybercriminals. You just have to be a little smarter than they are and never think, “It can’t happen to MY computer.” There’s nothing special about your computer that makes it intrinsically immune to cyber threats. You must be proactive and take measures to prevent malware attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Make Information Security a Priority

Just about everyone has private information that should be protected. Let’s begin with something you’ve surely heard of: antivirus protection.

But this isn’t enough to guard your personal data. A free antivirus service may not even update automatically, and this is very important to keep up with rapidly evolving technology. Your protection is worth the fee for antivirus, a firewall, antiphishing software and antispyware.

When’s the last time you updated your browser? Hackers love old, outdated browsers. After you finish this article, update your browser and set your computer to automatically download any future update.

The same goes with your operating system. Update!

Don’t miss out on encryption, which scrambles data so that prying eyes can’t make sense of it. Your computer might already have the feature of encrypting folders, files or the whole disk. If not, you can get a third-party encryption program for free.

If your computer were to crash right this instant, how much data would you lose? You shouldn’t lose much if every day you back your data up on an external drive. Another option is a cloud-based storage system, which is encrypted. The fee for that may be $100 annually or less.

We all know that 123qwe is such an easy password to remember, especially if it’s for all gazillion of your accounts. You know who else finds this very convenient? Hackers!

If it’s easy for you, it’s easy for them! Every account should have a unique password, and if this is too dizzying, then use a password manager. And choose long passwords that include various characters and exclude words that can be found in a dictionary or successive numbers/letters on a keyboard.

That wireless connection of yours is great—for your neighbor if he decides to get a free ride, or even hack into your data. WPA2 encryption built into the router will protect you. With public WiFi, use a virtual private network like Hotspot Shield.

Your smartphone also needs protection with all the tools mentioned above, and that includes a VPN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.